Package: logcheck
Version: 1.2.54
Severity: grave
Tags: security
Justification: user security hole

Logcheck can leave a world-readable dead.letter that contains parsed logs.

Steps to reproduce:

 * Create a lot of logs that will not be filtered by logcheck (very easy). 10 MBytes should be enough. You have an hour to do so.
 * When logcheck runs it will produce a file of size X MBytes to be mailed to root.
 * Most MTAs have a limit for the maximum message size. If it is exceeded and you're using sendmail, the mail will be saved in a file named dead.letter.
 * For logcheck this is placed in: /var/lib/logcheck/dead.letter
 * Go read this file and get some logs that you should not see.

Example file:

-rw-r--r-- 1 logcheck logcheck 17001006 2008-05-15 15:02 /var/lib/logcheck/dead.letter

Proposed solution: Change permissions of the /var/lib/logcheck dir to 770.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-amd64
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages logcheck depends on:
ii  adduser           3.102                      Add and remove users and groups
ii  cron              3.0pl1-100                 management of regular background p
ii  debconf           1.5.11etch1                Debian configuration management sy
ii  grep              2.5.1.ds2-6                GNU grep, egrep and fgrep
ii  lockfile-progs    0.1.10                     Programs for locking and unlocking
ii  logtail           1.2.54                     Print log file lines that have not
ii  mailx             1:8.1.2-0.20050715cvs-1    A simple mail user agent
ii  sendmail-bin [ma  8.13.8-3                   powerful, efficient, and scalable
ii  sysklogd [system  1.4.1-18                   System Logging Daemon

Versions of packages logcheck recommends:
ii  logcheck-database 1.2.54                     database of system log rules for t

-- no debconf information
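An added example, not part of the bug report: a POSIX shell check for the condition described above, with the report's /var/lib/logcheck path as the default and its proposed mode 770 as the fix. The function names and the --fix/--audit flags are this example's own; the constructed log line in the test stands in for the bounced logcheck mail.

```shell
#!/bin/sh
# Added example, not from the bug report: audit and harden the logcheck
# state directory so a stranded dead.letter cannot be read by other users.
# The default path and the 770 mode come from the report; the function
# names are this example's own.

# Return 0 when the directory is not world-searchable and no world-readable
# dead.letter exists under it; return 1 (printing what was found) otherwise.
# Octal -perm masks and -prune keep this within POSIX find.
audit_dead_letter() {
    dir="${1:-/var/lib/logcheck}"
    found=0
    if [ -n "$(find "$dir" -prune -perm -001 -print 2>/dev/null)" ]; then
        printf 'WARNING: %s is world-searchable\n' "$dir" >&2
        found=1
    fi
    for f in "$dir"/dead.letter; do
        [ -e "$f" ] || continue
        if [ -n "$(find "$f" -prune -perm -004 -print 2>/dev/null)" ]; then
            printf 'WARNING: world-readable %s\n' "$f" >&2
            found=1
        fi
    done
    return "$found"
}

# Apply the report's proposed mitigation: mode 770 on the directory so only
# the logcheck user and group can enter it, and strip the world bits from
# any dead.letter already left behind.
harden_logcheck_dir() {
    dir="${1:-/var/lib/logcheck}"
    chmod 0770 "$dir" || return 1
    for f in "$dir"/dead.letter; do
        if [ -e "$f" ]; then
            chmod o-rwx "$f" || return 1
        fi
    done
    return 0
}

# Stand-alone use: ./check_dead_letter.sh --audit [dir]  or  --fix [dir]
case "${1:-}" in
    --fix)   harden_logcheck_dir "${2:-}" && audit_dead_letter "${2:-}" ;;
    --audit) audit_dead_letter "${2:-}" ;;
esac
```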